public interface Policy
Policy class with a unique name
and add checks within that code. For example:
public class MyPolicy implements Policy {
public final static string NAME = "MyPolicy";
public String getName() {
return NAME;
}
}
public void someImportantMethod() {
IObject objBeingAccessed = ...;
policyService.checkRestriction(MyPolicy.NAME, objBeingAccessed);
// Here an exception may be thrown
}
| Modifier and Type | Method and Description |
|---|---|
void |
checkRestriction(ome.model.IObject obj)
Like
isRestricted(IObject) but throws an appropriate
SecurityViolation subclass if the restriction is active. |
java.lang.String |
getName()
Unique name for a class of restrictions that this
Policy
will enforce. |
java.util.Set<java.lang.Class<ome.model.IObject>> |
getTypes()
|
boolean |
isRestricted(ome.model.IObject obj)
Checks whether or not this instance would throw a
SecurityViolation if the same instance were passed to
checkRestriction(IObject). |
java.lang.String getName()
Policy
will enforce. This string will be sent to clients via
Permissions.copyExtendedRestrictions() in
order to prevent exceptions, and server-code will pass the same name
to the check method to potentially have an exception thrown.java.util.Set<java.lang.Class<ome.model.IObject>> getTypes()
Policy should tell the PolicyService which types
of IObject instances it cares about. Only those which are of
interest to some Policy need be considered.boolean isRestricted(ome.model.IObject obj)
SecurityViolation if the same instance were passed to
checkRestriction(IObject). This is likely determined by first
testing the type of the IObject and then that the
current user context has access to the given context.obj - a non-null IObject instance.Policy decides that a restriction should be
placed on the passed context.void checkRestriction(ome.model.IObject obj)
throws ome.conditions.SecurityViolation
isRestricted(IObject) but throws an appropriate
SecurityViolation subclass if the restriction is active.ome.conditions.SecurityViolation